Software and Cybersecurity Risk Management for Medical Devices

8:00 a.m. – 8:30 a.m.

Registration and Continental Breakfast

8:30 a.m. – 9:00 a.m.

Welcome and Introductions

9:00 a.m. – 10:00 a.m.

Software Characteristics Compared to Hardware

  1. Understanding the difference between software and hardware
  2. Understanding software quality and reliability engineering
  3. Challenges of software risk management and cybersecurity

FDA’s Analysis of Software Recalls

  1. What kinds of software issues cause recalls
  2. What kinds of devices have more software issues
  3. What are the common types of causes for software recalls

10:00 a.m. – 10:15 a.m.

Refreshment Break

10:15 a.m. – 11:00 a.m.

Overview of FDA Software & Cybersecurity Related Guidance

  1. Mobile Medical Applications (Feb 2015)
  2. Medical Devices Data Systems, Medical Image Storage Devices and Medical Image Communications Devices (Feb 2015)
  3. Total Product Life Cycle: Infusion Pump (Dec 2014)
  4. Content of Premarket Submissions for Management of Cybersecurity in Medical Devices (Oct 2014)
  5. FDASIA Health IT Report – Proposed Strategy and Recommendations (April 2014)
  6. NIST Framework for Improving Critical Infrastructure Cybersecurity (January 2014)
  7. Radio Frequency Wireless Technology in Medical Devices (Aug 2013)
  8. General Principles of Software Validation
  9. Content of Premarket Submissions for Software Contained in Medical Devices
  10. Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software

11:00 a.m. – 12:15 p.m.

Overview of Software & Cybersecurity Related Standards

  1. ISO 14971:2007, EN ISO 14971:2012
  2. IEC TR 80002-1 Application of ISO 14971 for Software
  3. IEC 62304 Medical Device Software Life Cycle Process, IEC 82304 Healthcare Software
  4. NIST Framework for Improving Critical Infrastructure Cybersecurity, 2014
  5. ISO/IEC 27001:2013 – Information Security Management
  6. AAMI/ISO 14971 TIR in Process – AAMI Device Security Group
  7. Medical IT Networks Safety, Security and Interoperability
  8. IEC 80001-1 Managing Medical IT Networks and Relevant Technical Reports
  9. TIR 80001-2-2:2012 – Application of Risk Management for IT Networks Incorporating Medical Devices

12:15 p.m. – 1:15 p.m.

Lunch

1:15 p.m. – 2:15 p.m.

Risk Analysis for Medical Device Software

  1. Preliminary hazard analysis
  2. Top down analysis, Fault Tree Analysis
  3. Bottom up analysis – design FMEA, function FMEA, process FMEA, use FMEA, common causes of software failures
  4. Connectivity analysis between top down and bottom up

2:15 p.m. – 3:15 p.m.

Group Exercise and Review With Instructors – Risk Analysis for Medical Device Mobile Apps

3:15 p.m. – 3:30 p.m.

Refreshment Break

3:30 p.m. – 4:30 p.m.

Risk Assessments and Risk Controls for Medical Device Software

  1. Software related risk assessment
  2. Risk control basics
  3. Software lifecycle process control measures
  4. Risk control identification
  5. Control measures implementation and effectiveness

4:30 p.m. – 5:30 p.m.

Group Exercise and Review With Instructors – Risk Controls for Software Hazards

5:30 p.m.

End of Day One

 
